IMAP Port 143 with STARTTLS and Outlook 2010

I’m a little behind the game here as I’ve been using the explicit port 993 for my secure email, but when securing my server for PCI compliance I decided to see how the STARTTLS worked.

I’m running Outlook 2010 on Windows 10 and set the port to 143 and TLS as the security option.
When I try to connect I just get an error:

Log onto incoming mail server (IMAP): A secure connection to the server cannot be established.

If I put it to port 993 and TLS:

Log onto incoming mail server (IMAP): The operation timed out waiting for a response from the server.

If I put it to port 993 and SSL, everything works as expected.

Is this an issue with the server or Outlook being the old 2010 version?

Hi Justin

For IMAP in Outlook, I believe from memory you have to define the inbox folder in Outlook IMAP.

Also, as you posted you had changed your ciphers for IMAP/TLS, Outlook may not be able to connect if the ciphers cannot be agreed between Outlook and the IMAP server.

I apologise if I’m wrong though, and your ciphers are default.

Many thanks

John

Hi Justin
Sorry, you got me thinking, so I tested using Outlook 2007 IMAP, which does fail on TLS 143/993, but works as expected using SSL.
I know certainly on our servers SSL is disabled, and therefore only TLS could work, and also my iPhone 5 is set to TLS, which also works lovely. But the question is whether setting SSL in Outlook is using TLS, so I tested it (see below - certain details changed), which shows TLS in use.
I am not sure though if this is just a Microsoft issue, as my iPhone does connect using TLS, and in daily use.
I hope that helps a little.
Many thanks
John
Test Results
1134.**Finished negotiating SSL - algorithm is TLS_RSA_WITH_AES_256_CBC_SHA
1135.<~~* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE] Courier-IMAP ready. Copyright 1998-2003 Double Precision, Inc. See COPYING for distribution information.
1288.~~>A LOGIN t1@mydomain.url password
1290.<~~A OK LOGIN Ok.
1427.~~>B LIST "" *
1429.<~~* LIST (\HasNoChildren) "." "INBOX.Learn Spam"
* LIST (\HasNoChildren) "." "INBOX.Learn Ham"
* LIST (\Marked \HasChildren) "." "INBOX"
B OK LIST completed.
11547.~~>C SELECT INBOX
11548.<~~* FLAGS (\Draft \Answered \Flagged \Deleted \Seen \Recent)
* OK [PERMANENTFLAGS (* \Draft \Answered \Flagged \Deleted \Seen)] Limited
* 9 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1484041471] Ok
C OK [READ-WRITE] Ok
21668.~~>D LOGOUT
21669.<~~* BYE Courier-IMAP server shutting down
D OK LOGOUT completed

2017-01-10 09:51:12.064655500 tcpserver: end 24809 status 0
2017-01-10 09:51:12.063808500 INFO: LOGOUT, user=t1@mydomain.url, ip=[216.68.n.n], headers=0, body=0
2017-01-10 09:50:51.716343500 INFO: LOGIN, user=t1@mydomain.url, ip=[216.68.n.n], protocol=IMAP
2017-01-10 09:50:51.420211500 INFO: Connection, ip=[216.68.85.112]
2017-01-10 09:50:50.693890500 tcpserver: ok 24809 mydomain.url:::ffff:5.n.n.n:993 :::ffff:216.68.n.n::52868
2017-01-10 09:50:50.693889500 tcpserver: pid 24809 from 216.68.n.n

The ciphers I know are ok, because whether you connect on port 143 STARTTLS or directly on port 993, the security is exactly the same.

I read these two articles which cleared up a lot of things for me. Basically SSL and TLS are the same to the server, it’s all “secure”. The difference is SSL is used to describe explicit port definition (993) and TLS is more like STARTTLS which can be used on port 143. Once connected both will use the best encryption both the client and server can use.

SSL vs TLS

SSL vs TLS vs STARTTLS

My guess is my Outlook version just is not capable of doing a STARTTLS command. Which is why most servers continue to accept Secure IMAP on port 993 since older software can communicate securely on port 143.
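As an added example (not part of the original posts and not code from either poster), this Python sketch checks the two connection styles discussed in this thread from the client side: whether a port 143 greeting offers STARTTLS at all, and what protocol and cipher each port negotiates. The function names and the port 143 greeting are constructed for illustration; `probe` assumes Python 3.9+ and a server certificate the system trust store accepts.

```python
import imaplib
import re
import ssl
import sys

# Capability part of the greeting from the port 993 test session in this thread.
GREETING_993 = ("* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE "
                "THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE] Courier-IMAP ready.")
# Constructed sample: a plaintext port 143 greeting from a server that offers STARTTLS.
GREETING_143 = "* OK [CAPABILITY IMAP4rev1 UIDPLUS IDLE STARTTLS LOGINDISABLED] ready."

def capabilities(line):
    """Return the capability atoms from a greeting or '* CAPABILITY' line."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line)
         or re.search(r"^\* CAPABILITY (.*)$", line.strip()))
    return set(m.group(1).upper().split()) if m else set()

def upgrade_plan(line):
    """What a client on a plaintext port 143 connection should do next."""
    caps = capabilities(line)
    if "STARTTLS" in caps:
        return "starttls"        # send STARTTLS, then run the TLS handshake
    if "LOGINDISABLED" in caps:
        return "refuse"          # no upgrade offered and LOGIN is forbidden
    return "plaintext-only"      # LOGIN here would expose the password

def probe(host, timeout=10):
    """Live check: negotiated (protocol, cipher) on 993 and on 143 after STARTTLS."""
    ctx = ssl.create_default_context()
    out = {}
    try:  # 993: the TLS handshake comes before the first IMAP byte
        with imaplib.IMAP4_SSL(host, 993, ssl_context=ctx, timeout=timeout) as c:
            out[993] = (c.sock.version(), c.sock.cipher()[0])
    except (OSError, imaplib.IMAP4.error) as e:
        out[993] = ("failed", str(e))
    try:  # 143: plaintext greeting first, upgrade only if the server offers it
        with imaplib.IMAP4(host, 143, timeout=timeout) as c:
            if "STARTTLS" in c.capabilities:
                c.starttls(ssl_context=ctx)
                out[143] = (c.sock.version(), c.sock.cipher()[0])
            else:
                out[143] = ("no STARTTLS", None)
    except (OSError, imaplib.IMAP4.error) as e:
        out[143] = ("failed", str(e))
    return out

if __name__ == "__main__":
    print(probe(sys.argv[1]))
```

Run it with the mail server's hostname as the only argument; if both ports report the same protocol and cipher, the server side is consistent and a failure on 143 points at the client's STARTTLS handling.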

Hi Justin

Makes sense, good call, and Outlook is more geared to Exchange.

Many thanks

John